From: K.J.MuellerEnBW.com
Date: Thu Jan 03 2002 - 08:04:17 CST


    Hi,

    Could it be that the text browsers (lynx, links, w3m) don't even
    bother comparing the actual server name to the certificate's
    "issued for" entry?

    I just tested these and none complained:

    - lynx 2.8.5dev.2 (with OpenSSL 0.9.6a)
    - links 0.96
    - w3m 0.1.11-pre
    (all on Mandrake Linux 8.1)

    Neither did any of them complain when accessing a https web page
    with a self-made certificate.

    Regards, K.

    > Looks like Konqueror 2.2.1 (Mandrake Linux 8.1 + OpenSSL 0.9.6b) is also
    > vulnerable. I've got no warning when entering on this page. I've tested it
    > also with lynx 2.8.4rel.1 (compiled with OpenSSL 0.9.6a on FreeBSD) with
    > the same result.
    >
    > --
    > * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
    > * Inet: przemyslawfrasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *
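
The two checks this thread reports as missing, comparing the requested server name with the names the certificate was issued for and rejecting certificates that do not chain to a trusted CA, shown in Python as an added example that is not part of the original messages or of any browser's code. The certificate dicts are constructed samples in the shape returned by `ssl.SSLSocket.getpeercert()`, and all function names are hypothetical.

```python
import ssl


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate name with the host the user asked for.
    A '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label ("*.com").
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_names(cert: dict) -> list:
    """Names the certificate is issued for. DNS subjectAltName entries
    take precedence; commonName is used only when there are none
    (assumption: legacy certificates must still be handled)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def check_server_identity(cert: dict, hostname: str) -> bool:
    """True only if some name in the certificate matches the host."""
    return any(hostname_matches(n, hostname) for n in cert_names(cert))


def strict_client_context() -> ssl.SSLContext:
    """Client context that enforces both checks during the handshake:
    chain validation (a self-made certificate fails it) and hostname
    comparison. Both are set explicitly so the intent is visible."""
    ctx = ssl.create_default_context()
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


# Constructed sample certificates, not taken from any real server.
SAN_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.org")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "host.example.com"),),)}
```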